Configuring Software Authentication Manager

Software Authentication Manager (SAM) is a component of the
Cisco ASR 9000 Series Router operating system that ensures that
software being installed on the router is safe, and that the software does not
run if its integrity has been compromised.

Prerequisites for Configuring Software Authentication Manager

You must be in a user group associated with a task group that
includes the proper task IDs. The command reference guides include the task IDs
required for each command. If you suspect user group assignment is preventing
you from using a command, contact your AAA administrator for assistance.

Information about Software Authentication Manager

For SAM to verify software during installation, the software to be installed must be in a Packager for IOS/ENA (PIE) format. PIEs are digitally signed, and SAM verifies the digital signature before allowing bits from that PIE to reside on the router. Each time an installed piece of software is run, SAM ensures that the integrity of the software has not been compromised since it was installed. SAM also verifies that software preinstalled on a flash card has not been tampered with while in transit.

When the initial image or a software package update is loaded on the router, SAM verifies the validity of the image by checking the expiration date of the certificate used to sign the image. If an error message is displayed indicating that your certificate has expired, check the system clock and verify that it is accurate. If the system clock is not set correctly, the system does not function properly.

How to set up a Prompt Interval for the Software Authentication Manager

When the SAM detects
an abnormal condition during boot time, it prompts the user to take action and
waits for a certain interval. When the user does not respond within this
interval, SAM proceeds with a predetermined action that can also be configured.

Sets the prompt
interval in seconds, after which the SAM either proceeds or terminates the
interval. The prompt interval ranges from 0 to 300 seconds.

If the user
responds, SAM considers it as a ‘Yes’ and proceeds with the next action. If the
user does not respond, SAM considers it as a ‘No’ and terminates the action.
The default time for which SAM waits is 10 seconds.